Malware can be used to add 'fake cancer tumors' to or remove tumors from CT scan and MRI images

Using malware that exploits the vulnerability of medical equipment such as

CT scan and nuclear magnetic resonance imaging (MRI), it is possible to modify the diagnosis using these equipment, for example, the result of 'image diagnosis of cancer' An Israeli researcher points out that it can.

[1901.03597] CT-GAN: Malicious Tampering of 3D Medical Imagery using Deep Learning

Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists-The Washington Post

Serious security vulnerabilities exist in medical devices such as CT scans and MRIs and PACS networks for transmitting images captured by these devices to other terminals, and malware that can be used The Israeli researchers are developing. Malware developed by researchers can be used to make corrections to images taken by CT scan and MRI before using images taken by radiologists and doctors on the device. Furthermore, the research team trains the code using machine learning to develop malware and quickly evaluates the CT scan passing through the PACS network to be appropriate for the patient's own anatomical structure and dimensions We made it possible to output 'false tumors'.

You can use the following movie to see how to use malware to manipulate a CT scan image, turn a noncancer patient into a cancer patient, or remove a tumor from the cancer patient's CT image.

Injecting and Removing Cancer from CT Scans-YouTube

Add nodules or tumors to the lungs. The left is the original CT image, and the right is the CT image that has been tampered with by malware.

The red arrows indicate the tumors that were intentionally added.

It is also possible to add as many as 472 nodules and tumors.

A 3D model of the lung with added nodules.

The following shows how to remove a cancerous tumor from a CT image. The left is the original image, and the right is the malware removed the tumor from the original image.

The tumor in the red arrow is the tumor, which disappears completely from the image on the right.

When it comes to how to launch malware attacks, we are preparing a single board computer like USB Ethernet adapter and

Raspberry Pi . The cost of preparing these is only about $ 40 (about 4500 yen).


Raspbian on Raspberry Pi and build a network bridge to make the device act as a Wi-Fi access point. And from here you run malware that can insert and delete cancerous tumors.

The Raspberry Pi and USB Ethernet Adapter invade the hospital during nighttime when there are few people ...

It will be installed in the CT scan room etc.

Connect Raspberry Pi and USB Ethernet adapter between LAN cables.

You can now access the network inside the healthcare facility via raspberry pie ...

You will be able to install malware on your PACS network in as little as 30 seconds.

The attacker can now access the CT scan from a remote location.

We use dummy models to test what kind of attacks malware can do.

A CT scan sends captured images to a workstation or back-end database used by a radiologist via a medical imaging management system (

PACS ) server. Since medical institutions do not apply special encryption to this communication content, an attacker can intercept communication via the installed Raspberry Pi.

Even if the healthcare organization uses

TLS in the network, version 1.2 of TLS is encrypted but the payload remains plain text , and in all other cases TLS is not used at all, so there is no problem communicating Can intercept the

The attacker now has complete control over the CT scan controls, and can add or remove tumors from the CT image at any time.

The malware was created by Yisroel Mirsky and Yuval Elovici, who work for the Cybersecurity Research Center at Ben Gurion University in Israel. In the research, in order to confirm the accuracy of the created malware, 70 “malware-corrected images” were mixed in the CT scan image, and 3 expert radiologists performed diagnosis using the image.

As a result, the radiologist diagnosed 'the tumor image of cancer created by malware' with cancer with 99% accuracy, and it was said that 94% of 'the image from which the malware removed the tumor' was healthy. . In addition, even in cases reported to radiologists that “the CT image has been altered by malware,” false cancer tumor images lead to misdiagnosis at a rate of 60%, and the malware deleted the cancer tumors In some cases, cancer patients have had a chance of 87%.

Nancy Boniel, a Canadian radiologist who participated in the study, said, “I felt as if the carpet had been pulled out of my feet, and I was left without the tools needed to move forward. It's like 'Mirsky's malware is a great threat to radiologists.' The research focuses only on CT scans in lung cancer, but the attack also works on conditions such as brain cancer, heart disease, thrombosis, spinal cord injury, bone fractures, ligament injury, and arthritis, says Mirsky.

'When the data is shared with other hospitals and other doctors, we pay close attention to privacy,' Mirsky says. However, in in-hospital systems that the general public can not access, there are cases where encryption does not work well. 'The general PACS network is not encrypted,' said Fotios Chantzis, who works at the Mayo Clinic in Minnesota, and 'the local hospital network is no longer secure,' said 'outside. It is necessary to review the network within the medical institution that is operated under the assumption that the Encryption is available with some PACS software, but is not yet commonly used as it requires communication with older systems that do not have the ability to decrypt or re-encrypt images.

It is recommended that end-to-end encryption be enabled on the PACS network and that digital signatures be used on all images to prevent CT scan and MRI interception.

in Software,   Video,   Security, Posted by logu_ii